This document discusses systems and reporting requirements under the Affordable Care Act. It covers key topics like systems for eligibility, enrollment, data collection, financial reporting, and electronic health records. It also addresses data validation and the reporting requirements for enrollment, issuer, and financial data. Finally, it provides important dates for when systems must be in compliance and when various reporting deadlines take effect.
The Affordable Care Act Part 4: Systems and Reporting
1. THE AFFORDABLE CARE ACT: SYSTEMS & REPORTING
2. OVERVIEW
• Systems
• Data Validation
• Program Integrity
• Financial Integrity
• Prevention of Fraud, Waste, and Abuse
• Program Transparency
• Reporting Requirements
• Key Dates
4. SYSTEMS
• Systems include both policies and procedures and
information technology systems (e.g., a database or a
website) put in place to accomplish a specific task or
requirement
• Systems should be established to support:
o Eligibility and Enrollment
o Data Collecting and Processing
o Financial Reporting
o Electronic Health Records (EHRs)
o Privacy and Security Standards
5. SYSTEMS: ELIGIBILITY AND ENROLLMENT
• Exchanges must have a system in place that will both
determine eligibility and enroll applicants into the chosen
QHP
• The system must:
o Have a web portal
o Be streamlined for simplicity
o Determine eligibility for government-sponsored
healthcare/tax benefits
o Communicate with other systems, such as CMS and IRS
databases
6. SYSTEMS: DATA COLLECTING AND PROCESSING
• ACA §4302 allows for data collection in order to determine
health care disparities and demographics
o Race and ethnicity, gender, primary language, and disability
status are the types of data collected
o Data is collected to ensure that minorities and underserved
communities have access to healthcare
• A work group consisting of HHS, OMB, and the Census
Bureau is helping states to develop standards for data
collection and processing
7. SYSTEMS: FINANCIAL REPORTING
• In order to determine if an applicant is eligible for tax
credits, data must be provided to the Exchange
• Data submitted can include:
o Name, DOB, SSN
o Household size, Income
o Employer coverage
o EIN, # of employees, amounts paid for employee
• Exchanges will submit financial and demographic data
electronically
8. SYSTEMS: FINANCIAL REPORTING FOR TAX CREDITS
Small Business Health Care Tax Credit
o Employers report to IRS number of employees, employee
roster, average annual salary paid, and the amount paid for
employee health coverage
Health Insurance Premium Tax Credit
o Individuals need to report income information, family size,
and information on changes in circumstances
9. SYSTEMS: ELECTRONIC HEALTH RECORDS (EHRs)
• EHRs are digital health records that allow medical
providers (i.e., physicians and hospitals) to electronically
send and receive patient information to/from other
medical providers
• EHRs must follow the Health Insurance Portability and
Accountability Act (HIPAA), Protected Health Information
(PHI), and Personally Identifiable Information (PII)
standards for protecting patients’ medical information
10. SYSTEMS: PRIVACY AND SECURITY STANDARDS
• Exchanges are required to follow applicable HIPAA, PHI,
and PII security laws; and
• ACA §1104 administrative standards, which include:
o Standards and operating rules for EFT and remittance
advice,
o A unique identifier for health plans,
o A standard for claims attachments, and
o Requirements that health plans certify compliance with all
HIPAA standards and operating rules
12. DATA VALIDATION: APPLICANT
Data validation for individual applicants by Exchange:
• Basic Information Verification: ensures all fields are complete
and data is valid
• Citizenship Verification: applicant’s citizenship status is
compared to Social Security Administration records or, in some
instances, Department of Homeland Security records
• Incarceration Status Verification: SSN will be used to verify
incarceration status
• Income Verification: income data will be compared to
Internal Revenue Service records for tax credit/government-
based healthcare eligibility
13. DATA VALIDATION: APPLICANT
• The proposed federal data services hub is expected
to have verification services operational for the
open enrollment period beginning on October 1,
2013.
• The Department of Health and Human Services
(HHS) has contracted with Quality Software
Services, Inc. to “build and support the operations
of a federal data service hub that will provide data
verification to support eligibility processes for all
Exchanges, Medicaid, and CHIP.”
14. DATA VALIDATION: EMPLOYER-SPONSORED COVERAGE
Data validation for employer-sponsored coverage by Exchange:
• Employee Information: compared either to the employer-
provided information or to a governmental agency
• Employer Information: compared to governmental
agencies, such as the Department of the Treasury,
Department of Labor, and the Social Security Administration
15. DATA VALIDATION: EMPLOYER-SPONSORED COVERAGE
• HHS expects the infrastructure for an authoritative
data source to be in place by 2016.
• In the interim, for the plan years 2014-2015, HHS is
seeking ideas from various stakeholders (e.g.,
employers, the health care industry, and other
government agencies) on this topic.
• Through the federal rulemaking process there have
been several options proposed for the interim
process for employment verification.
16. DATA VALIDATION: RISK ADJUSTMENT
• HHS proposed risk adjustment data validation process will
include the following steps:
1. Sample Selection
2. Initial Validation Audit
3. Second Validation Audit
4. Error Estimation
5. Appeals
6. Payment Adjustments
• After data validation, the state/HHS will be able to adjust
the average actuarial risk of each plan or payments/charges
based on risk changes
Please refer to our previous piece on Risk and Reinsurance for more
information on the Risk Adjustment Programs.
18. REPORTING REQUIREMENTS: ENROLLMENT DATA
Exchanges and health plan issuers must report
enrollment data for each of the following to HHS:
• Individual applicants (unemployed or enrolling in
insurance not through an employer)
o Name, address, household income, household size,
proof of citizenship/immigration status
• Employers
o Employer name, address and contact information
o Employee roster and number of employees
• Employees
o Name, address, contact information, DOB, dependent
information
19. REPORTING REQUIREMENTS: ISSUER DATA
Issuers in each state that offer the three largest
health insurance products must submit the following
information to HHS:
• Information that identifies their individual health
plans
• Descriptive data of the health plans
• Information on any treatment limitations
• Information about plan drug coverage
• Information about plan enrollment
20. REPORTING REQUIREMENTS: FINANCIAL DATA
ACA §1313 – Financial integrity
• Exchanges must account for expenditures and all activities and
submit annual reports to HHS
• HHS audits Exchanges annually
• GAO Comptroller General can conduct studies of Exchange
operations
ACA §10109 – Development of standards for financial and
administrative transactions
• Standard application process
• Greater transparency for claim edits
• Standardized forms for required financial audits
• Standards on whether timeliness of payment rules should be
published by health plans
22. KEY DATES: SYSTEMS & REPORTING
DATE: EVENT
April 1: Beginning in 2012, drug manufacturers/distributors are required to send annual reports to HHS on drug sample requests and distributions from the previous year.
June 30: Beginning in 2012, annual reports from PBM due to HHS.
March 31, 2013 and on the 90th day of every year following: Annual reports on physician payments due to HHS from manufacturers for the previous year.
December 31, 2013: Health plans must certify that data and information systems are in compliance with applicable standards and operating rules for:
• Health plan eligibility,
• Health claim status,
• EFTs, and
• Health care payment and remittance advice.
23. KEY DATES: SYSTEMS & REPORTING
DATE: EVENT
January 1, 2014: Operating rules and standards for EFT and remittance advice in effect.
January 31: Beginning 2015, employers are to annually file a report with the IRS certifying employee enrollment in minimum essential coverage through an employer-sponsored plan for the previous year.
December 31, 2015: Health plans must certify data and information systems are in compliance with applicable standards and operating rules for:
• Health claims or equivalent encounter information,
• Enrollment and disenrollment in a health plan,
• Health plan premium payments,
• Referral certification and authorization, and
• Health claims attachments.
January 1, 2016: Operating rules for all health plan certification as described above are in effect.
24. REED & ASSOCIATES, CPAs
For more information on Reed & Associates, CPAs please
contact us at:
inquire@reedassociatescpas.com
Phone: 860-395-1996
Or visit our website:
reedassociatescpas.com
Quality. Integrity. Experience.